Is Social Media a Bait for Cyber Criminals?

October 02, 2010


A couple of months ago I got a phone call from an acquaintance, Doread, at around 2:00 a.m. in the morning. I thought it was outrageous and impolite that he would call at such a late hour, only to learn that he was calling to check up on me. Someone had sent him an instant message on Facebook telling him that I was dead and that condolences would be held at my house for the following three days. It wasn’t until a few minutes later that my cell phone was ringing off the hook and I began to freak out; I had no access to my Facebook, email or any connection to the outside world. I logged into a friend’s Facebook only to find out that a person had changed my status, created a group and sent all of my friends an instant message announcing me dead.

By 5:00 a.m. I was hysterically crying. I couldn’t fall asleep, because it had gotten to the point that my phone wouldn’t shut up and I was too scared to fall asleep and possibly never wake up, so I pulled an all-nighter and asked some of my friends and students to spread the word and let people know it wasn’t true until I filed a complaint with Facebook that my account had been hacked and that someone had been impersonating me, and I pretty much had to do the same procedure with my mail service provider.

Within 24 hours, I had my email and Facebook back and changed my password combinations to make them as difficult to crack as possible and decided to sleep on it. In about five years, I wasn’t hacked once or impersonated, so I figured it was time for a password change, but then tonight something went different. My friend Anas called me up around 10 and told me his account had been compromised. I was worried as I knew the password combinations to his account, but he assured me that he wasn’t pointing fingers and just needed help resetting his password. Of course I was more than happy to reset his password for him, and I took a screenshot of his Facebook reset where it specified the IP that had changed his account login credentials. I tried logging on to my Facebook and guess what, it wasn’t there; my password was changed. I just felt lucky that I have my own private email that’s linked to my Facebook, so resetting my password took a simple click, but I went through the whole Facebook password retrieval process to find out that the same IP that had changed the login details for my friend Anas had been on my Facebook as well.

I freaked out and sent a text message to a friend asking him if he could track down the IP. He said he could track it down to the ISP but not the user, and made it very clear to me that this is not to be taken lightly, and I quote: “The IP address you sent me traces back to Orange. So if you really want to pursue this further, call them up. Most likely they won’t give you any information since it’s confidential, so you’ll just have to go to the police and they’ll be able to get a court-order. Again, that is if you want to take it further. If it were you I’d let it go this time. If it happens again, then it’s a different story though.”

At that point I figured, well, if it happens again, it happens, but I realized I am not alone. I logged into Twitter and one of my friends, Mary, was suffering from a hacked account as well! Her Twitter read: “Hacking my facebook fhimna,my hotmail fhimna,but talking 2 my friends, emailing them & impersonating me is just sick!” and that’s when I started wondering, how safe are we online? We’re just normal people, so whatever is in our social network accounts is fun, games and texts back and forth between our friends and ourselves, so what makes our lives so appealing to hackers out there, and what do they get out of it?

When did Jordan become so unsafe and vulnerable online? And what actions should be taken to stop hackers out there from being part of people’s life?! I’m sure everyone’s offline life is as private as their online life, so there must be something that one can do to stop all of this…

Comments

In other news, I think the problem mainly lies with the user(s) that actually get hacked. Believe it or not, 95% of them so-called “hackers” don’t usually type 300 words-per-minute, operate in a sword-fish-like setting, nor are able to hack through 128 bits of encryption.

Now don’t get me wrong, these bad boys do exist. I’m just saying that in your normal case of account theft, they may not be involved. In all likelihood, the victim may very well know the person who “hacked” their email and/or social media accounts.

Also, and this is of paramount importance, realize that not all hackers change the password of an account once they obtain it. Many subtle stalkers would actually keep the password(s) intact so they can freely check emails, private messages, etc.

In short, no one is really safe until they take the effort to learn the basics of internet security. You need to know how something works before you can protect yourself from it. And remember, everything in life has the ability of becoming a double-edged sword.

Since it’s almost 7 AM and I have nothing better to do, I might as well point you in the right direction. I’ll try to keep it short since this is merely a comment after all.

===
How them “so-called hackers” do it:
===

1: Phishing sites: These are websites that look legit (Facebook, Hotmail, etc.). You may be given the link to such a website by a person you usually know, either against their will or with their full consent. The message can either involve a personal request, or a super-awesome offer.

When you get a suspicious request and/or link, the first thing you do is check the URL and the website certificate. If the link is supposed to be for “msn or hotmail groups” and the URL goes something like “http://m36.tx.la/login.live.com/?wa-signinID4444imsupergaY34445” then you know you got yourself a phishing site.

This is merely one example, but apply the basic principles to all other sites you see with a hint of common sense. “Why does a Facebook page require a re-login when I’m already logged in?”, for example.

2: Trojans/Keyloggers: These may be more difficult to detect, since they usually tend to remain hidden. Your best bet is prevention. Don’t download any suspicious looking files from suspicious looking sites. Don’t open any file without scanning it for viruses using your email scanner and your computer anti-virus. As for keyloggers, they are programmed to detect keystrokes, so make sure you spice up your password a bit. Include lower and upper case characters, random characters like exclamation marks and other symbols.

Many keyloggers can’t detect such symbols, and such a password usually adds an extra layer of security. An example password would be: L!o!L#imSo!secureD!

Now, here are a few tips for prevention and possibly curing an infection if one is suspected.

1: Get a decent anti-virus, and keep it up to date. Invest in security and never go for “cracked” or “illegally obtained” software. Especially when it comes to anti-virus software.

I personally recommend Kaspersky or BitDefender. They both have “Internet Security” packages, which can be extremely helpful for the novice Web surfer.

2: Get a decent Spyware detector, and run routine scans. “Spybot Search & Destroy” has proven its effectiveness, but you can use other decent ones out there.

3: Always enable your firewalls. Be it your average Windows firewall, router’s firewall, or one that comes with a third-party security package.

4: Keep your operating system updated. And I cannot stress how important this is. Always update your Java or really anything your operating system tells you needs updating. There may be security holes within your operating system that enable more advanced hackers to sniff your data with utter ease.

5: Keep track of the programs that are running on your computer. Keyloggers tend to run in the background, out of sight. You can check the programs via the Task Manager by pressing (Ctrl + Alt + Delete) – If you suspect a running application, google its full name and browse through the ocean of results to get an idea of what that app is.

6: Finally and most importantly, use rational judgment and common sense. Avoid suspicious links, websites, emails, and weird personal requests from friends like the plague. Don’t be too trusting and always know that evil resides within the closest people we may call friends.
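
The URL check from the phishing item in the comment above, as an added example that is not part of the original comment. The function name `check_login_url`, the `EXPECTED_LOGIN_HOSTS` list and the sample links (reserved `.example` names shaped like the one quoted above) are assumptions made for illustration; the certificate itself still has to be inspected in the browser.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only hosts this user expects to log in on.
EXPECTED_LOGIN_HOSTS = ("login.live.com", "www.facebook.com")


def check_login_url(url, expected_hosts=EXPECTED_LOGIN_HOSTS):
    """Return the reasons a link should not be trusted as a login page."""
    parts = urlsplit(url)
    # The host is what the browser connects to; everything after it is
    # chosen freely by whoever built the link.
    host = (parts.hostname or "").rstrip(".").lower()
    findings = []

    if parts.scheme != "https":
        findings.append("not HTTPS, so there is no certificate to check")
    if parts.username is not None:
        findings.append("text before '@' is userinfo, not the host")
    if host in expected_hosts:
        return findings

    findings.append(f"host {host!r} is not an expected login host")
    rest = (parts.path + "?" + parts.query).lower()
    for trusted in expected_hosts:
        # A trusted name in the path or query is decoration, as in the
        # link quoted in the comment.
        if trusted in rest:
            findings.append(f"{trusted!r} appears after the host, in the path/query")
        # A trusted name used as leading labels of a different domain.
        if host.startswith(trusted + "."):
            findings.append(f"{trusted!r} is only a prefix of the real host")
    return findings


# Constructed sample links for the demonstration.
SAMPLES = [
    "https://login.live.com/",
    "http://m36.tx.example/login.live.com/?wa=signin",
    "https://login.live.com.account-check.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_url(link) or "no findings")
```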

My first guess is you have a Trojan horse in your PC. Do the fifth step that hassan posts; if you find this application you need to restart your computer and run in safe mode (press F8 before Windows starts),
then from Start > Run type “regedit”, then press “Ctrl+F”, type the name of the application that you previously found and delete the registry file. Then trace the file in the paths C:\windows, C:\windows\system and C:\windows\system32, and problem solved.

My second guess is your email password is cracked, so when you recover your email account, change the question that you put in case you forgot your password. And another thing: DO NOT USE a public computer and DO NOT let anyone use your PC, just to make sure.

7-8 years back my E-mail was hacked, it caused me headaches that I can’t even begin to address! I lost some friends 4 ever because of that.
I’m sure the majority had experienced such thing, one way or another, it is scary to say the least!
Imagine that u have a “new” friend on one of social media applications, and out of a sudden that friend/contact gets an E-mail, a tweet, … saying something “weird” or embarrassing, or what have u… chances r that it will ruin yr relation with that person 4 good! s/he might block u and u may have very hard time trying to explain the situ.!
I think it’s not fun to do so even amongst closed-circles. We need more security + verifiable mechanisms but where to start? “every security tool has a urging need 4 SOME1 to break it!”